package com.kqzz.tbxt.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;

import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;


@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
	
	
	@Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/actuator/**","/webjars/**","/resources/**",
				"/v2/api-docs", "/swagger-resources/configuration/ui",
				"/swagger-resources","/swagger-resources/configuration/security",
				"/doc.html","/css/**", "/js/**","/images/**");
    }

	@Bean
	public StrictHttpFirewall httpFirewall() {
		StrictHttpFirewall firewall = new StrictHttpFirewall();
//		firewall.setAllowedHeaderValues((header) -> {
//			String parsed = new String(header.getBytes(StandardCharsets.ISO_8859_1), StandardCharsets.UTF_8);
//			return ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN.matcher(parsed).matches();
//		});
		Pattern allowed = Pattern.compile("[\\p{IsAssigned}&&[^\\p{IsControl}]]*");
		firewall.setAllowedHeaderValues((header) -> {
			String parsed = new String(header.getBytes(StandardCharsets.ISO_8859_1), StandardCharsets.UTF_8);
			return allowed.matcher(parsed).matches();
		});
		return firewall;
	}


}
